Fix logical issues with panel handler

2024-08-30 18:23:09 +00:00 · 2022-08-20 20:58:46 -04:00 · 2022-08-20 20:58:46 -04:00 · 02b6c3b545
commit 02b6c3b545
parent 6b82170d6f
2 changed files with 13 additions and 10 deletions
--- a/app/classes/controllers/users_controller.py
+++ b/app/classes/controllers/users_controller.py
@ -254,7 +254,7 @@ class UsersController:
    def remove_user(self, user_id):
        for user in self.get_managed_users(user_id):
            self.update_user(user.user_id, {"manager": None})
-        for role in HelperRoles.get_managed_roles(user_id):
+        for role in HelperUsers.get_managed_roles(user_id):
            HelperRoles.update_role(role.role_id, {"manager": None})
        return self.users_helper.remove_user(user_id)

--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -1313,7 +1313,7 @@ class PanelHandler(BaseHandler):

            if (
                EnumPermissionsCrafty.ROLES_CONFIG not in exec_user_crafty_permissions
-                and exec_user["user_id"] != role["manager"]
+                or exec_user["user_id"] != role["manager"]
                and not exec_user["superuser"]
            ):
                self.redirect(
@ -2042,7 +2042,10 @@ class PanelHandler(BaseHandler):
            else:
                manager = user["manager"]

-            if not exec_user["superuser"] and exec_user["user_id"] != user["user_id"]:
+            if (
+                not exec_user["superuser"]
+                and int(exec_user["user_id"]) != user["manager"]
+            ):
                if username is None or username == "":
                    self.redirect("/panel/error?error=Invalid username")
                    return
@ -2110,13 +2113,13 @@ class PanelHandler(BaseHandler):
                    user_id, user_data=user_data, user_crafty_data=user_crafty_data
                )

-            self.controller.management.add_to_audit_log(
-                exec_user["user_id"],
-                f"Edited user {username} (UID:{user_id}) with roles {roles} "
-                f"and permissions {permissions_mask}",
-                server_id=0,
-                source_ip=self.get_remote_ip(),
-            )
+                self.controller.management.add_to_audit_log(
+                    exec_user["user_id"],
+                    f"Edited user {username} (UID:{user_id}) with roles {roles} "
+                    f"and permissions {permissions_mask}",
+                    server_id=0,
+                    source_ip=self.get_remote_ip(),
+                )
            self.redirect("/panel/panel_config")

        elif page == "edit_user_apikeys":